Add Brandit.com as DNS provider #1890

Merged
merged 20 commits into from
Apr 14, 2023

ChristianGroentved
Contributor

@ChristianGroentved ChristianGroentved commented Apr 12, 2023

Adds support for the Brandit DNS provider.

Fixes #1876

The company I work for is a customer of Brandit and is willing to set aside resources to maintain this provider.

Output of command, example.com was replaced with example..com and parts are masked

$ ./lego -m [email protected] --dns brandit -d "*.example.XXXXX.com" -d example.XXXXX.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
2023/04/11 09:39:05 No key found for account [email protected]. Generating a P256 key.
2023/04/11 09:39:05 Saved key to /Users/XXXXX/XXXXX/lego/dist/.lego/accounts/acme-staging-v02.api.letsencrypt.org/[email protected]/keys/[email protected]
2023/04/11 09:39:06 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf
Do you accept the TOS? Y/n
Y
2023/04/11 09:39:08 [INFO] acme: Registering account for [email protected]
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/Users/XXXXX/XXXXX/lego/dist/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2023/04/11 09:39:08 [INFO] [*.example.XXXXX.com, example.XXXXX.com] acme: Obtaining bundled SAN certificate
2023/04/11 09:39:09 [INFO] [*.example.XXXXX.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/6078251564
2023/04/11 09:39:09 [INFO] [example.XXXXX.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/6078251574
2023/04/11 09:39:09 [INFO] [*.example.XXXXX.com] acme: use dns-01 solver
2023/04/11 09:39:09 [INFO] [example.XXXXX.com] acme: Could not find solver for: tls-alpn-01
2023/04/11 09:39:09 [INFO] [example.XXXXX.com] acme: Could not find solver for: http-01
2023/04/11 09:39:09 [INFO] [example.XXXXX.com] acme: use dns-01 solver
2023/04/11 09:39:09 [INFO] [*.example.XXXXX.com] acme: Preparing to solve DNS-01
2023/04/11 09:39:20 [INFO] [*.example.XXXXX.com] acme: Trying to solve DNS-01
2023/04/11 09:39:20 [INFO] [*.example.XXXXX.com] acme: Checking DNS record propagation using [10.145.42.15:53 10.45.0.11:53 10.45.0.12:53]
2023/04/11 09:39:22 [INFO] Wait for propagation [timeout: 30m0s, interval: 2s]
2023/04/11 09:42:58 [INFO] [*.example.XXXXX.com] acme: Waiting for DNS record propagation.
.
.
.
2023/04/11 09:44:21 [INFO] [*.example.XXXXX.com] acme: Waiting for DNS record propagation.
2023/04/11 09:44:27 [INFO] [*.example.XXXXX.com] The server validated our request
2023/04/11 09:44:27 [INFO] [*.example.XXXXX.com] acme: Cleaning DNS-01 challenge
2023/04/11 09:44:36 [INFO] sequence: wait for 0s
2023/04/11 09:44:36 [INFO] [example.XXXXX.com] acme: Preparing to solve DNS-01
2023/04/11 09:44:50 [INFO] [example.XXXXX.com] acme: Trying to solve DNS-01
2023/04/11 09:44:50 [INFO] [example.XXXXX.com] acme: Checking DNS record propagation using [10.145.42.15:53 10.45.0.11:53 10.45.0.12:53]
2023/04/11 09:44:52 [INFO] Wait for propagation [timeout: 30m0s, interval: 2s]
2023/04/11 09:44:53 [INFO] [example.XXXXX.com] acme: Waiting for DNS record propagation.
.
.
.
2023/04/11 09:46:23 [INFO] [example.XXXXX.com] acme: Waiting for DNS record propagation.
2023/04/11 09:46:29 [INFO] [example.XXXXX.com] The server validated our request
2023/04/11 09:46:29 [INFO] [example.XXXXX.com] acme: Cleaning DNS-01 challenge
2023/04/11 09:46:39 [INFO] [*.example.XXXXX.com, example.XXXXX.com] acme: Validations succeeded; requesting certificates
2023/04/11 09:46:40 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2023/04/11 09:46:41 [INFO] [*.example.XXXXX.com] Server responded with a certificate.

@ldez
Member

ldez commented Apr 12, 2023

Hello, in order for a PR adding a DNS provider to be accepted, you have to:

  • add a description to your PR
  • be able to maintain this provider
  • have a homogeneous design with the other providers
  • add tests (units)
    make test
  • add tests ("live")
    func TestLivePresent(t *testing.T) {
        if !envTest.IsLiveTest() {
            t.Skip("skipping live test")
        }

        envTest.RestoreEnv()
        provider, err := NewDNSProvider()
        require.NoError(t, err)

        err = provider.Present(envTest.GetDomain(), "", "123d==")
        require.NoError(t, err)
    }

    func TestLiveCleanUp(t *testing.T) {
        if !envTest.IsLiveTest() {
            t.Skip("skipping live test")
        }

        envTest.RestoreEnv()
        provider, err := NewDNSProvider()
        require.NoError(t, err)

        time.Sleep(2 * time.Second)

        err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
        require.NoError(t, err)
    }

    make test
    make generate-dns
  • be able to do: (and put the output of this command to a comment in your PR)
    rm -rf .lego

    ./lego -m [email protected] --dns YOUR_PROVIDER_NAME -d *.example.com -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run

    Note the wildcard domain is important.

make checks
  • do go mod tidy

Member

@ldez ldez left a comment

hello,

the 48 commits can be squashed because they don't help with the review.
can you also rebase your PR on the HEAD of the branch master?

Note: avoid using a fork from an organization because a maintainer (or our automation) cannot modify the PR.

@Andrei-Predoiu Andrei-Predoiu deleted the brandit_provider branch April 13, 2023 13:07
@ldez
Member

ldez commented Apr 13, 2023

there is still this one #1890 (comment)

@Andrei-Predoiu

Question: the default timeout is usually not enough. Should I do anything about that, like leave a message or set a different default?

@ldez
Member

ldez commented Apr 13, 2023

You can set the best default for the provider.

@Andrei-Predoiu

Andrei-Predoiu commented Apr 13, 2023

I think this is everything. Thanks for taking the time to do such a thorough review.

@ldez
Member

ldez commented Apr 13, 2023

can you run the make generate-dns once again?

@ldez
Member

ldez commented Apr 13, 2023

can you also give me the "new" output of the following command:

./lego -m [email protected] --dns brandit -d "*.example.XXXXX.com" -d example.XXXXX.com -s https://acme-staging-v02.api.letsencrypt.org/directory run

@Andrei-Predoiu

Andrei-Predoiu commented Apr 13, 2023

./lego -m [email protected] --dns brandit -d "*.example.xxxxx.com" -d example.xxxxx.com -s https://acme-staging-v02.api.letsencrypt.org/directory run

$ lego -m [email protected] --dns brandit -d "*.example.xxxxxxx.com" -d example.xxxxxxx.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
2023/04/13 18:29:51 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf
Do you accept the TOS? Y/n
Y
2023/04/13 18:29:53 [INFO] acme: Registering account for  [email protected]
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/mnt/e/dev/src/github.com/xxxxxxx/lego/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2023/04/13 18:29:53 [INFO] [*.example.xxxxxxx.com, example.xxxxxxx.com] acme: Obtaining bundled SAN certificate
2023/04/13 18:29:54 [INFO] [*.example.xxxxxxx.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/6106562984
2023/04/13 18:29:54 [INFO] [example.xxxxxxx.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/6106562994
2023/04/13 18:29:54 [INFO] [*.example.xxxxxxx.com] acme: use dns-01 solver
2023/04/13 18:29:54 [INFO] [example.xxxxxxx.com] acme: Could not find solver for: tls-alpn-01
2023/04/13 18:29:54 [INFO] [example.xxxxxxx.com] acme: Could not find solver for: http-01
2023/04/13 18:29:54 [INFO] [example.xxxxxxx.com] acme: use dns-01 solver
2023/04/13 18:29:54 [INFO] [*.example.xxxxxxx.com] acme: Preparing to solve DNS-01
2023/04/13 18:30:23 [INFO] [example.xxxxxxx.com] acme: Preparing to solve DNS-01
2023/04/13 18:30:34 [INFO] [*.example.xxxxxxx.com] acme: Trying to solve DNS-01
2023/04/13 18:30:34 [INFO] [*.example.xxxxxxx.com] acme: Checking DNS record propagation using [172.25.96.1:53]
2023/04/13 18:30:36 [INFO] Wait for propagation [timeout: 30m0s, interval: 2s]
2023/04/13 18:30:36 [INFO] [*.example.xxxxxxx.com] acme: Waiting for DNS record propagation.
2023/04/13 18:30:38 [INFO] [*.example.xxxxxxx.com] acme: Waiting for DNS record propagation.
...
2023/04/13 18:35:33 [INFO] [*.example.xxxxxxx.com] acme: Waiting for DNS record propagation.
2023/04/13 18:35:35 [INFO] [*.example.xxxxxxx.com] acme: Waiting for DNS record propagation.
2023/04/13 18:35:42 [INFO] [*.example.xxxxxxx.com] The server validated our request
2023/04/13 18:35:42 [INFO] [example.xxxxxxx.com] acme: Trying to solve DNS-01
2023/04/13 18:35:42 [INFO] [example.xxxxxxx.com] acme: Checking DNS record propagation using [172.25.96.1:53]
2023/04/13 18:35:44 [INFO] Wait for propagation [timeout: 30m0s, interval: 2s]
2023/04/13 18:35:44 [INFO] [example.xxxxxxx.com] The server validated our request
2023/04/13 18:35:44 [INFO] [*.example.xxxxxxx.com] acme: Cleaning DNS-01 challenge
2023/04/13 18:35:55 [INFO] [example.xxxxxxx.com] acme: Cleaning DNS-01 challenge
2023/04/13 18:36:05 [INFO] [*.example.xxxxxxx.com, example.xxxxxxx.com] acme: Validations succeeded; requesting certificates
2023/04/13 18:36:05 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2023/04/13 18:36:06 [INFO] [*.example.xxxxxxx.com] Server responded with a certificate.
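
The timeout question raised earlier in this thread can be answered from output like the above by measuring how long each domain actually waited between the start of the propagation check and validation. This is an added example, not code from the PR or from lego; `PropagationTimes`, `lineRE` and the sample log (domain `example.test`, resolver `192.0.2.53`) are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"time"
)

// Constructed sample in the log format shown in this thread (not real output).
const sampleLog = `2023/04/13 18:30:34 [INFO] [*.example.test] acme: Checking DNS record propagation using [192.0.2.53:53]
2023/04/13 18:30:36 [INFO] Wait for propagation [timeout: 30m0s, interval: 2s]
2023/04/13 18:35:42 [INFO] [*.example.test] The server validated our request
2023/04/13 18:35:42 [INFO] [example.test] acme: Checking DNS record propagation using [192.0.2.53:53]
2023/04/13 18:35:44 [INFO] [example.test] The server validated our request`

// lineRE captures timestamp, domain tag and message of a domain-tagged INFO line.
var lineRE = regexp.MustCompile(`^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[INFO\] \[([^\]]+)\] (.*)$`)

// PropagationTimes returns, per domain, the time between the start of the
// propagation check and the ACME server validating the challenge.
func PropagationTimes(log string) (map[string]time.Duration, error) {
	started := map[string]time.Time{}
	took := map[string]time.Duration{}
	for _, line := range strings.Split(log, "\n") {
		m := lineRE.FindStringSubmatch(strings.TrimSpace(line))
		if m == nil {
			continue // untagged lines, prompts, progress dots
		}
		ts, err := time.Parse("2006/01/02 15:04:05", m[1])
		if err != nil {
			return nil, fmt.Errorf("bad timestamp %q: %w", m[1], err)
		}
		switch {
		case strings.Contains(m[3], "Checking DNS record propagation"):
			started[m[2]] = ts
		case strings.Contains(m[3], "The server validated our request"):
			if t0, ok := started[m[2]]; ok {
				took[m[2]] = ts.Sub(t0)
			}
		}
	}
	return took, nil
}

func main() {
	took, err := PropagationTimes(sampleLog)
	fmt.Println(took, err)
}
```

Run over several issuance logs, the largest observed value gives a lower bound for a provider's default propagation timeout.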

Member

@ldez ldez left a comment

LGTM

@ldez ldez added this to the v4.11 milestone Apr 13, 2023
@Andrei-Predoiu

Andrei-Predoiu commented Apr 14, 2023

What code inspection tool do you use? I normally just use GoLand and it doesn't complain about double lines. I installed golangci-lint but it seems to give me nonsense.

/lego/providers/dns/brandit$ golangci-lint run
WARN [runner] Can't run linter goanalysis_metalinter: gci: 4:7: expected ';', found "net/http" (and 2 more errors)
ERRO Running error: 1 error occurred:
        * can't run linter goanalysis_metalinter: gci: 4:7: expected ';', found "net/http" (and 2 more errors)

@ldez
Member

ldez commented Apr 14, 2023

You have to run the linter at the root of the project.

FYI, I'm also a core maintainer of golangci-lint 😉

Member

@ldez ldez left a comment

LGTM

@ldez ldez merged commit 9db0465 into go-acme:master Apr 14, 2023
Development

Successfully merging this pull request may close these issues.

Support for provider: BrandIT
3 participants